Great write-up. However the Resource Groups API still has a major flaw in that it cannot give you tag data on provisioned resources that have never been tagged.
That's true. Out of curiosity, when has that been an issue for you? When I'm pulling tags, I'm typically also pulling other information from a service API and merging it with the tag data. There have been a couple exceptions though:
When I've wanted a central, service-neutral way to report on untagged resources.
This isn't bad to work around most of the time.
When I wanted to reliably list all SQS queues in an account with more than 1,000 queues.
This one is a bit more tedious since ListQueues doesn't support pagination. It's doable by listing queues with different name prefixes, just feels like an awkward edge case. If the Resource Groups Tagging API could reliably list all queues regardless of whether they had ever been tagged, it would have been a nice surprise.
I'm curious about other places where the Resource Groups Tagging API is almost a good fit.
One major issue that comes up is if you want to use tags to track billing. This requires some sort of tagging compliance system where untagged resources in an application are detected and remediated so that organizations can have the most accurate data possible on the cost of their applications. If the Resource Group API also returned provisioned resources that were never tagged, tagging governance would be a lot less complicated in general.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.